This one had me puzzled for a few days. Dynamic VTI at the Hub and VTI at the spoke. All tunnels came up and pings are working, but the BGP session is not establishing. I used the setup instructions from this YouTube video.
Packet capture shows BGP packets arriving at the Hub but no response. Packet tracer Result=DROP.
Syslog shows the BGP request was discarded.
%FTD-7-710005: TCP request discarded from x.x.x.x/37590 to _va2:x.x.x.x/179
I had no clear indication if it was a BGP issue, so I spent some time capturing and tracing. Not seeing anything obvious, I turned to BGP debugging on the Hub.
There is “deb bgp 255”, which was not very useful until I enabled “deb ip bgp updates”, and that is when I found the issue.
FTD-01# debug ip bgp updates
BGP: x.x.x.x Active open failed – update-source NULL is not available, open active delayed 15360ms (35000ms max, 60% jitter)
The fix was to change the BGP source to a Loopback, the same one used in the DVTI VPN configuration.
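A small triage script for the two symptoms above, as an added example that is not part of the original post: it scans collected syslog and debug output for the 710005 discard aimed at TCP/179 and for the "update-source ... is not available" message. The function name and the sample lines are assumptions; the addresses are constructed documentation addresses standing in for the masked x.x.x.x values.

```python
import re

# %FTD-7-710005: TCP request discarded from <src>/<sport> to <ifc>:<dst>/<dport>
DISCARD = re.compile(
    r"%FTD-7-710005: (?P<proto>TCP|UDP) request discarded from "
    r"(?P<src>\S+)/(?P<sport>\d+) to (?P<ifc>[^:\s]+):(?P<dst>\S+)/(?P<dport>\d+)"
)
# BGP: <peer> Active open failed - update-source <name> is not available, ...
# The dash is matched loosely because copied output may carry "-" or an en dash.
NO_SOURCE = re.compile(
    r"BGP: (?P<peer>\S+) Active open failed \S+ "
    r"update-source (?P<source>\S+) is not available"
)

BGP_PORT = "179"


def triage(lines):
    """Return (symptom, address, detail) tuples for the two BGP symptoms."""
    findings = []
    for line in lines:
        m = DISCARD.search(line)
        if m:
            # Only discards aimed at the BGP listener are relevant here.
            if m["proto"] == "TCP" and m["dport"] == BGP_PORT:
                findings.append(("inbound-bgp-discarded", m["src"], m["ifc"]))
            continue
        m = NO_SOURCE.search(line)
        if m:
            # The local speaker cannot open the session: its update source
            # (NULL in the post) does not resolve to a usable interface.
            findings.append(("update-source-unavailable", m["peer"], m["source"]))
    return findings


# Constructed sample input modelled on the messages quoted in the post.
SAMPLE = [
    "%FTD-7-710005: TCP request discarded from 198.51.100.10/37590 to _va2:192.0.2.1/179",
    "%FTD-7-710005: TCP request discarded from 198.51.100.10/40112 to _va2:192.0.2.1/443",
    "BGP: 198.51.100.10 Active open failed - update-source NULL is not available, "
    "open active delayed 15360ms (35000ms max, 60% jitter)",
]

if __name__ == "__main__":
    for symptom, address, detail in triage(SAMPLE):
        print(f"{symptom}: {address} ({detail})")
```

Seeing both symptoms together on the Hub points at the BGP source setting rather than at the tunnel or an access rule.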